Computer-Related Risks

Peter G. Neumann

Disasters, crimes and high technology are all naturally attractive
subjects, amd Computer-Related Risks has plenty to offer. While the
blurb claims that it is "much more than a collection of computer
mishaps", the bulk of it does consist of fairly straightforward
descriptions of different "incidents". These are arranged both
thematically, into chapters with titles such as "Reliability and
Safety Problems" or "Threats to Privacy and Well-Being", and by area
(such as avionics or banking). Neumann does a good job of providing
succinct descriptions which contain the information essential to
understanding what went wrong (unlike typical newspaper accounts).
Some of the material — such as that on accidents in health services —
is frightening; some of it is just intriguing — the possibility that
there are other intelligent life-forms in the universe but that they
encrypt and compress their signals so efficiently that all we see is
white noise. Neumann ends each chapter with an attempt at general
analysis, and though this often consists of truisms and straight
typological classification, that is more of an indication of how much
work there is to be done in the field than of any failing on his part.
A set of questions comes with each chapter.

While Computer-Related Risks is (to quote from the blurb again)
a "serious, technically oriented book", it is so broad in scope that
it has little technical depth, and most of it will be accessible to
anyone with basic computer literacy. I wouldn't want to put limits on
its potential audience, but a few groups are obvious: people involved
in risk management in an area that involves computers (i.e. anyone
involved in risk management); those who have to make potentially
hazardous decisions in the design, implementation or operation of
computer systems — network administrators, software engineers,
protocol designers and managers of all kinds —; and anyone whose
life or livelihood is critically dependent on computers. As pointed
out above, however, this sort of material has general appeal, and
I think Computer-Related Risks will be enjoyed by almost anyone
interested in computers.